For proper log correlation between the logging devices and FortiAnalyzer, FortiAnalyzer and all registered
devices should:
Use DNS
Use host name resolution
Use real-time forwarding
Use an NTP server
What are analytics logs on FortiAnalyzer?
Logs that are saved in the active log file with the .log extension.
Logs that are compressed and saved to a log file with the .gz extension.
Logs that are rolled over when the log file reaches a specific size.
Logs that are indexed and stored in the SQL database.
Analytics logs on FortiAnalyzer are those that are indexed and stored in the SQL database.
These logs are considered online and provide real-time access for analysis and reporting.
https://help.fortinet.com/fa/faz50hlp/56/5-6-2/FortiAnalyzer_Admin_Guide/0300_Key_concepts/0600_Log_Storage/0400_Archive_analytics_logs.htm
What are offline logs on FortiAnalyzer?
Compressed logs, also known as archive logs
Logs that are indexed and stored in the SQL database
Any logs collected from offline devices after they boot up
Real-time logs that are not yet indexed
"Archive logs: When a real-time log file in Archive has been completely inserted, that file is compressed and considered to be offline." https://docs.fortinet.com/document/fortianalyzer/7.4.3/administration-guide/381919/logs